From 83f72773b7242d86263a18950fca7c8101d7038d Mon Sep 17 00:00:00 2001 From: Eric Wong Date: Tue, 12 Jul 2011 23:52:33 +0000 Subject: http: reject non-LWS CTL chars (0..31 + 127) in field values RFC 2616 doesn't appear to allow most CTL bytes even though Mongrel always did. Rack::Lint disallows 0..31, too, though we allow "\t" (HT, 09) since it's LWS and allowed by RFC 2616. --- test/unit/test_http_parser.rb | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'test') diff --git a/test/unit/test_http_parser.rb b/test/unit/test_http_parser.rb index 27196db..41055b0 100644 --- a/test/unit/test_http_parser.rb +++ b/test/unit/test_http_parser.rb @@ -813,6 +813,24 @@ class HttpParserTest < Test::Unit::TestCase assert_equal "hello\t world", parser.env["HTTP_X_SPACE"] end + def test_null_byte_header + parser = HttpParser.new + get = "GET / HTTP/1.1\r\nHost: \0\r\n\r\n" + assert_raises(HttpParserError) { parser.add_parse(get) } + end + + def test_null_byte_in_middle + parser = HttpParser.new + get = "GET / HTTP/1.1\r\nHost: hello\0world\r\n\r\n" + assert_raises(HttpParserError) { parser.add_parse(get) } + end + + def test_null_byte_at_end + parser = HttpParser.new + get = "GET / HTTP/1.1\r\nHost: hello\0\r\n\r\n" + assert_raises(HttpParserError) { parser.add_parse(get) } + end + def test_empty_header parser = HttpParser.new get = "GET / HTTP/1.1\r\nHost: \r\n\r\n" -- cgit v1.2.3-24-ge0c7
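Review bot: The three added tests exercise only NUL in the Host value, while the subject says the parser now rejects every CTL byte in 0..31 plus 127 other than HT, so DEL and the remaining control bytes have no regression test in this hunk. Lenient handling of control bytes in field values is something a front-end proxy and a backend can disagree on, so I would pin the whole range with a table-driven case, e.g. `((1..31).to_a - [9, 10, 13] + [127]).each { |c| assert_raises(HttpParserError) { HttpParser.new.add_parse("GET / HTTP/1.1\r\nHost: a#{c.chr}b\r\n\r\n") } }`. CR and LF are left out of that list because they interact with line termination and need their own cases, with the expected outcome checked against the parser. The parser change itself is not shown on this page (the view is limited to 'test'), so this is a coverage point, not a claim that those bytes are still accepted.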